I know there's a lot of posts on this forum about postfix, but I haven't found the answer... The problem is that I can't send emails to any external e-mail address (I'm using ISPConfig - the perfect setup on Debian Etch). However, I can receive all emails and I can successfully send emails locally (for example, from [email protected] to [email protected] - when the domain.com is hosted on my ISPConfig server) This is what I get in the mail.log when I try to send to an external e-mail address: Jan 9 01:32:36 server1 postfix/smtp[7867]: connect to mxs.mail.ru[194.67.23.20]: Connection timed out (port 25) Jan 9 01:32:36 server1 postfix/smtp[7867]: 7656E7041AF: to=<[email protected]>, relay=none, delay=30, delays=0.06/0.01/30/0, dsn=4.4.1, status=deferred (connect to mxs.mail.ru[194.67.23.20]: Connection timed out) Please note that I can ping 194.67.23.20 from the server Port 25 is not blocked. Actually, the problem started when I changed the ISP (naturally I had to change the IP addresses everywhere, and everything works except for sending mails). Any ideas? Please?
I think you should/need to give us more information. Is mxs.mail.ru your mail provider? I assume with "Port 25 is not blocked." you mean your port 25. You should try to connect port 25 of mxs.mail.ru, though, e.g. by means of telnet. I just did and mxs.mail.ru answers just fine. As till suggested, you might have a problem connecting to mxs.mail.ru because your servers IP address has no reverse DNS entry. I cannot check that for you, though. If you provide us with your IP we can check it. Or you look for one of the may on-line tools which provide DNS checks. http://www.rscott.org/dns/ http://ip-address.domaintools.com/ (click on the D icon) and http://network-tools.com/ might help. HTH, -- xrat
Dear Till, the server has a range of fixed IPs (10 IPs) Dear Xrat, mxs.mail.ru is not my mail provider, the log just shows that I tried to send an e-mail from my server to [email protected] I know that some mail servers reject e-mails from addresses that have no reverse DNS entry, but mail.ru is not one of them. If it helps, I was trying to send an email from [email protected] (mensbest.ru is hosted on my ISPConfig server, and it's IP is 80.70.237.55)
DNS Server Response: lan-237-055.users.mns.ru Your reverse DNS looks kind of screwy to the mail server your describing. You might need to get it changed to reflect your actual mail record with your ISP. I wouldnt be comfortable with using mail.ru either. Its on a ton of blacklists. that may be your problem too. Use your ispconfig manager to add the record mail.mensbest.ru and mx record for mail.mensbest.ru where you control mensbest.ru then your dns server will be pointing to correct mail sub domain as your own mail server. Check to make sure your ifconfig lists 80.70.237.55 as your IP address. If it lists a local IP address then setup your IPgateway to allow true static IP management and call your ISP to find out what is the Subnet they made for your IP 80.70.237.55. Give the Ifconfig IP 80.70.237.55 and that subnet and the DNS servers your ISP told you to use to use that static IP. at that point your mail.mensbest.ru will be its own dependant mail server. If you got a netblock of statics you should be using one of the static ips for its own mail server. it looks better for RDNS and some email servers will deny email if you dont have rDNS set up on it own static ip for mail servers.
The thing is, mail.mensbest.ru is already set up the way you described, and the e-mail account [email protected] from which I'm trying to send e-mails uses mail.mensbest.ru as pop3 & smtp. I was using [email protected] just as an example of an external e-mail address. It's the same with any other external address. For example, now I'm trying to send an email from [email protected] to [email protected] Here is the log (actually I notice that there are some warnings, so it's a bigger part of log, please note that 80.70.237.60 is the IP of the windows pc with an e-mail client that I'm using to send an email): Jan 9 16:44:12 server1 postfix/smtpd[20005]: warning: 80.70.237.60: address not listed for hostname lan-237-060.users.mns.ru Jan 9 16:44:12 server1 postfix/smtpd[20005]: connect from unknown[80.70.237.60] Jan 9 16:44:12 server1 postfix/smtpd[20005]: 382D47041C1: client=unknown[80.70.237.60], sasl_method=PLAIN, sasl_username=mensbest.ru_mail Jan 9 16:44:12 server1 postfix/cleanup[20009]: 382D47041C1: message-id=<[email protected]> Jan 9 16:44:12 server1 postfix/qmgr[5564]: 382D47041C1: from=<[email protected]>, size=848, nrcpt=1 (queue active) Jan 9 16:44:12 server1 postfix/smtpd[20005]: disconnect from unknown[80.70.237.60] Jan 9 16:44:42 server1 postfix/smtp[20010]: connect to g.mx.mail.yahoo.com[206.190.53.191]: Connection timed out (port 25) Jan 9 16:45:12 server1 postfix/smtp[20010]: connect to a.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25) Jan 9 16:45:42 server1 postfix/smtp[20010]: connect to c.mx.mail.yahoo.com[216.39.53.3]: Connection timed out (port 25)
Call your ISP and tell them to change the reverse DNS Record 80.70.237.60 lan-237-060.users.mns.ru to 80.70.237.60 mail.mensbest.ru and then make sure you got port 587 enabled for the SMTP workaround port. While your ISP may not have port 25 blocked there maybe 5000 billion other people with different ISPs that do block it. So allow port 587 as well. It usually only takes a few minutes to set a new rDNS record by your ISP for your static ip. But it can take a couple hours. It looks like your mail is getting blocked becuase your reverse dns setup by your ISP is not right. It doesnt look right either. Jan 9 16:44:12 server1 postfix/smtpd[20005]: warning: 80.70.237.60: address not listed for hostname lan-237-060.users.mns.ru is a problem
Thank you for your reply, but I don't think it's an option for me to call ISP and ask them to change the reverse DNS Record for just one mail server mail.mensbest.ru. In fact, mensbest.ru is just one site hosted currently, but dozens (if not hundreds) more are expected, and each of these sites would have its own mail server. So if the reason for my mail getting blocked is indeed the reverse dns setup, then it's a big problem for me
It doesnt matter. Its still on the same machine. it will still work if you give each domain name its own mx record mail.theredomain.com when it access your machine for there email addresses. So your clients make there website mail.customersdomain.com and your servers IP address and it will still point to the same machine. But you still need the reverse dns setup for your main website as a act of good practice to comminicate with all outside mail servers. Its also good preform the same step for your nameservers. for example. http://www.howtoforge.com/ispconfig_dns_godaddy Also your ISP should not charge you to setup PTR aka reverse dns records. but you should do it for your main website. All it takes is a call to your ISPs techinical support and verify your account information with them. You can setup DNS and Name Servers. But reverse dns is something the ISP has to do becuase they are the provider of the static IP. my reverse dns use to resolve to 75-blah-blah-business.comcast.net now it resolves to mail.mydomain.com after i called them and told them to set up the reverse dns. and my clients can make there mx record mail.whatevertheredomainis.com and use outlook to connect to this address and it will connect becuase its still the same machine. get it? Reverse DNS setup with ISP = free Glue Records from Registrar = free = good compliant webserver that still works with wildcard MX domain names. You dont have to setup this records for all your clients. Just the main domain name your going to be using to Service everyone elses. Your domain is special becuase it provides services to others domains. So yes your ns1.whatever.com ns2.whatever.com mail.whatever.com needs this setup. your clients dont. all they got to do is set the nameserver ns1.yourdomain.com and ns2.yourdomain.com in there registar and you add there records in ISPconfig and it works. its that easy. Another example I have mail.mymain.com my clients record is mail.wrestlingsite.com in there ISPconfig same server box/same IP it will still resolve correctly and allow there email clients to connect to the email server using that name mail.wrestlingsite.com using that IP address given in there control panel in there ISPconfig. Becuase the IP address is still the same of mail.mydomain.com which the IP has been setup in rDNS to resolve to mail.mysite.com with my ISP.
It might be that yahoo is blocking you, too. But in any case, as I suggested, you should check with telnet or similar tools that your server(s) actually can make connections to any port 25 out there. HTH.
Yahoo doesnt block connections to port 25 normaly. However he is on a .ru domain so he could be. Thats why enabling port 587 is important so you can verify those things.
Thank you for your replies, I think I'll do what you are suggesting about the PTR, in the meantime, as it turns out, I can't telnet any external smtp server. Here's smtp.mail.ru, for example, it's the same with any other: ---------------------------------- telnet smtp.mail.ru 25 Trying 194.67.23.111... ---------------------------------- and that's it, no connection I tried the same thing from another ISP successfully: ---------------------------------- telnet smtp.mail.ru 25 Trying 194.67.23.111... Connected to smtp.mail.ru. Escape character is '^]'. 220 mail.ru ESMTP Thu, 10 Jan 2008 17:20:51 +0300 ----------------------------------
Dear Falko, thank you, I checked all the IPs on my server with this tool, but no, none of them are black-listed. What beats me, I can successfully ping, for example, smtp.mail.ru. My port 25 is open. But I can't telnet.....
Thank you, the problem is now solved. There was something wrong on the ISP side. I don't know what it was (they didn't tell me), but after a letter to the tech support of the ISP the problem just went away. I wish I knew what it was, because I still don't understand how it was possible for the ISP to block smtp connections while keeping port 25 open. Anyway, now everything is OK.
